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Fischer,  Lynch  and  Paterson  [FLP]  proved  that  in  a  completely  asynchronous  system 
“weak  agreement”  cannot  be  achieved  even  in  the  presence  of  a  single  “benign”  fault. 
Following  the  direction  proposed  in  [ABDK],  we  demonstrate  the  interesting  fact  that 
some  weaker  forms  of  processor  cooperation  are  still  achievable  in  such  a  situation,  and 
in  fact,  even  in  the  presence  of  up  to  t  <  n/2  such  faulty  processors.  In  particular,  we 
show  that  n  processors,  each  having  a  distinct  name  taken  from  an  unbounded  ordered 
domain,  can  individually  choose  new  distinct  names  from  a  space  of  size  n  +  t  (where  n  is 
an  obvious  lower  bound).  In  case  the  new  names  are  required  also  to  preserve  the  original 
order,  we  give  an  algorithm  in  which  the  space  of  new  names  is  of  size  2*(  n  -  t  +  1)  -  1. 
which  is  tight. 
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Abstract 

Fischer,  Lynch  and  Paterson  (FLPJ  proved  that  in  a  completely  asynchronous  system 
‘‘weak  agreement*  cannot  be  achieved  even  in  the  presence  of  a  single  “benign*  fault. 
Following  the  direction  proposed  in  [ABDK],  we  demonstrate  the  interesting  fact  that 
some  weaker  forms  of  processor  cooperation  are  still  achievable  in  such  a  situation,  and 
in  fact,  even  in  the  presence  of  up  to  t  <  n/2  such  faulty  processors.  In  particular,  we 
show  that  n  processors,  each  having  a  distinct  name  taken  from  an  unbounded  ordered 
domain,  can  individually  choose  new  distinct  names  from  a  space  of  size  n  +  t  (where  n  is 
an  obvious  lower  bound).  In  case  the  new  names  are  required  also  to  preserve  the  original 
order,  we  give  an  algorithm  in  which  the  space  of  new  names  is  of  size  2t(n  —  t  4- 1)  —  1, 
which  is  tight.  r 


§  Part  of  this  work  was  done  while  the  authors  were  visiting  IBM  Almaden  Research 
Center,  San-Jose. 
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1.  Introduction 


The  problem  of  reaching  agreement  in  distributed  systems  was  the  focus  of  many 
studies  in  the  last  few  years.  One  aspect  of  this  research  is  understanding  the  limitations 
of  asynchronicity.  In  a  fundamental  paper,  Fischer,  Lynch,  and  Paterson  [FLP]  proved 
that  in  a  completely  asynchronous  system  n  processors  cannot  achieve  “weak  consensus” 
in  the  presence  of  faults.  This  holds  even  if  at  most  one  processor  may  become  faulty, 
and  even  in  the  mild  form  of  failstop  fault,  i.e.,  when  a  processor  may  not  start  or  may 
suddenly  stop  functioning. 

This  negative  result  and  later  stronger  versions  of  it  [DDS]  left  the  impression  that 
in  the  presence  of  faults  one  cannot  expect  to  reach  any  nontrivial  goal  that  requires 
participation  of  several  processors.  In  this  paper  we  follow  the  observations  of  [ABDK], 
indicating  that  there  are  some  nontrivial  goal  functions  which  may  be  achieved  in  a  com¬ 
pletely  asynchronous  system,  even  in  the  presence  of  up  to  t  <  n/2  such  faulty  processors. 
We  present  an  algorithm  for  the  problem  of  reducing  the  name  space  of  the  processors, 
raised  in  [ABDK]. 

This  problem  can  be  described  as  follows.  Each  of  the  n  processors  initially  has  a 
unique  name  taken  from  an  unbounded  ordered  domain  (w.l.o.g.,  the  integers).  Throughout 
we  identify  the  processors  with  their  old  names,  and  denote  them  by  p,q,  etc.  We  want  an 
algorithm  that  enables  each  correct  processor  to  choose  (within  a  finite  number  of  steps) 
a  new  name  from  a  space  of  size  AT,  where  N  depends  only  on  n  and  t,  such  that  one  of 
the  following  requirements  hold: 

a.  Uniqueness :  every  two  new  names  are  distinct. 

b.  Order  preserving:  If  p  <  q  then  the  new  name  of  p  is  smaller  than  the  new  name  of  q. 

Naturally,  we  are  interested  in  having  an  algorithm  requiring  the  smallest  possible 
N.  We  refer  to  the  version  of  the  problem  requiring  the  first  property  as  the  uniqueness 
problem,  and  to  the  version  with  the  second  property  as  the  order  preserving  problem. 

These  problems  have  also  some  practical  significance,  as  the  complexity  of  some  dis¬ 
tributed  algorithms  depends  on  the  size  of  the  names  of  the  processors.  One  such  example 
is  the  algorithm  for  the  Choice  Coordination  Problem  [R]. 

Note  that  the  original  names  of  the  participating  processors  are  not  known  to  all 
processors  in  advance.  Otherwise,  there  exists  a  trivial  solution:  assuming  the  old  names 
are  p\  <  p2  <  ...  <  p„,  let  p,  choose  i  as  its  new  name.  This  meets  both  requirements  with 
N  =  n.  We  further  assume  that  once  a  processor  decides  on  a  name,  it  will  not  change  it, 
otherwise  one  can  again  present  a  trivial  solution. 

We  adopt  a  model  similar  to  that  of  [FLP].  The  distributed  system  is  composed  of  n 
asynchronous  processors  P  connected  through  a  completely  asynchronous  communication 
network.  Every  processor  can  directly  send  messages  to  all  the  others,  i.e.,  the  network 
is  complete.  In  an  atomic  step  a  processor  either  sends  a  message  or  reads  a  message. 
Every  message  arrives  its  destination  within  a  finite  but  unbounded  amount  of  time,  and 
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it  arrives  exactly  as  it  was  sent.  The  communication  system  does  not  maintain  the  original 
order  of  the  messages,  so  a  message  m2  may  arrive  before  message  mi ,  even  if  mi  was  sent 
before  m2. 

During  the  run  of  the  system,  processors  might  become  faulty  and  stop  working.  We 
make  the  standard  assumption  that  at  most  t  processors  may  become  faulty,  i.e.,  perform 
only  a  finite  number  of  atomic  steps,  and  the  rest  (called  correct)  must  continue  forever. 
The  two  parameters  n  and  t  are  known  in  advance  to  all  of  the  processors. 

Our  results  hold  also  for  the  case  of  “omission”  faults,  and  are  conceivably  extendable, 
via  standard  techniques,  to  the  case  of  malicious  faults  with  authentication  and  the  general 
malicious  case  (with  appropriate  restrictions  on  n  vs.  <). 

We  represent  the  asynchronous  behaviour  of  the  system  using  the  concepts  of  a 
“scheduler”  and  a  “postman”.  For  every  run,  the  scheduler  creates  an  infinite  sched¬ 
ule  5  =  {PhiPjii  •••)•  The  processor  pJk  makes  the  fc’s  atomic  step  in  the  system.  The 
postman  holds  all  the  messages  that  were  sent,  and  must  deliver  them  within  a  finite  num¬ 
ber  of  steps.  Whenever  a  processor  tries  to  read  a  message  the  postman  decides  whether 
or  not  to  deliver  it  a  message,  and  which  message  to  deliver  from  among  the  messages  that 
were  sent  to  this  processor.  We  say  that  an  algorithm  solves  a  given  problem  in  a  com¬ 
pletely  asynchronous  system  if  the  algorithm  correctly  solves  the  problem  for  tin  arbitrary 
scheduler  and  postman. 

The  main  results  of  this  paper  are  algorithms  for  the  two  versions  of  the  renaming 
problem.  For  the  uniqueness  problem,  our  algorithm  yields  new  names  from  a  space  of 
size  n  +  t  (where  n  is  an  obvious  lower  bound).  This  improves  the  algorithm  presented  in 
[ABDK],  which  results  in  a  space  of  size  nt.  A  simple  probabilistic  version  of  our  algorithm 
yields  a  name  space  of  size  n.  For  the  order  preserving  problem,  we  get  a  new  name  space 
of  size  2t(n  —  t  +  1)  —  1,  which  tightly  matches  the  lower  bound. 

The  rest  of  the  paper  is  organized  as  follows.  In  section  2  we  give  some  lower  bounds 
concerning  the  two  problems.  Both  algorithms  for  the  uniqueness  problem  and  for  the  order 
preserving  problem  use  the  same  schematic  frame  which  is  described  in  section  3.  This  form 
of  presentation  enables  us  to  separate  the  discussion  of  issues  of  partial  correctness  from 
those  of  termination.  The  specific  details  of  the  algorithms  for  the  uniqueness  problem 
and  the  order  preserving  problem  axe  described  in  sections  4  and  5,  respectively. 

2.  Lower  Bounds 

Theorem  2.1:  There  is  no  algorithm  for  solving  the  naming  problems  in  a  completely 
asynchronous  system,  if  n  <  2 1. 

Proof:  Assume  to  the  contrary  that  n  =  2t  and  there  is  an  algorithm  A  which 
solves  one  of  the  above  problems.  Look  at  the  schedule  S  =  (p\ ,  ...pt,p\ ,  ...,p<, ...), 
which  is  legal  because  only  t  processors  pt+\,  ...,pn  are  faulty  (perform  a  finite  num¬ 
ber  of  steps).  Algorithm  A  should  let  the  t  operating  processors  choose  distinct  names 
for  every  set  of  initial  names.  Since  the  original  name  space  is  unbounded  and  the 


space  of  the  new  names  is  finite,  there  exist  two  sets  of  processors’  names,  say  pi,...,pt 
and  q\,...,qt  where  p\  ^  q\  such  that  A  assigns  pi  and  q\  the  same  new  name 
when  the  corresponding  sets  of  processors  participate  with  the  appropriate  schedules, 
Sp  =  (pi,.-,pt,pi,— ,Pt,...)  and  Sq  =  (qi,...,qt,q\,...,qt,—)-  Now  look  at  the  schedule 
S  =  (pi,...pt,pi,...,pt,...,gi,..-9t,9i,-"9i>-")>  which  the  first  appearance  of  qi  is  after 
Pi,  ...,Pi  have  chosen  their  names  (this  must  happen  within  a  finite  number  of  steps).  The 
postman  delays  all  messages  sent  between  the  two  sets  of  t  processors  until  all  the  pro¬ 
cessors  choose  names  (and  again  this  occurs  after  a  finite  number  of  steps).  For  processor 
qi  (resp.,  pi)  the  schedule  Sq  (resp.,  Sp )  is  indistinguishable  from  the  schedule  S.  Hence, 
they  both  choose  the  same  name;  a  contradiction.  | 

An  argument  similar  to  the  proof  of  Lemma  2.1  implies  that  one  cannot  design  an 
algorithm  in  which  processors  stop  after  they  choose  new  names,  because  once  n  —  2t. 
processors  choose  new  names,  the  last  t  processors,  which  may  start  running  after  that 
decision,  cannot  choose  correctly. 

Hence,  in  our  algorithms  we  assume  that  n  >2t  +  l  and  that  every  processor  continues 
to  cooperate  after  it  chooses  its  name,  to  help  the  others. 

Theorem  2.2:  Every  algorithm  for  solving  the  uniqueness  problem  requires  N  >  n. 

Proof:  :  We  must  have  n  different  names  for  the  n  possibly  correct  processors  that  may 
want  a  new  name.  | 

Theorem  2.3  [ABDK]:  Every  algorithm  for  solving  the  order  preserving  problem  re¬ 
quires  N  >  2t(n  —  t  +  1)  —  1.  | 

Remark:  The  lower  bound  of  Thm.  2.3  holds  also  if  the  system  is  synchronous,  but  we 
do  not  know  when  a  processor  makes  its  first  step. 

3.  The  Schematic  Algorithm 

In  this  section  we  describe  a  schematic  algorithm  for  the  renaming  problem.  For  the 
time  being  we  do  not  specify  the  structure  of  new  names,  the  order  relation  on  new  names 
or  the  criteria  for  choosing  a  name,  but  rather  give  a  general  strategy  for  the  process  of 
selecting  names  and  study  its  properties. 

Throughout  the  algorithm  each  processor  p  maintains  an  ordered  vector  V  containing 
information  about  the  processors  (old  names)  of  which  it  knows.  The  processors  dynami¬ 
cally  update  their  vectors  V  by  exchanging  them  with  all  the  others.  Each  processor  also 
maintains  a  counter  c  which  is  the  number  of  processors  that  have  indicated  having  the 
same  set  V . 

Since  t  processors  might  be  faulty,  a  processor  cannot  expect  to  get  more  than  n  -  t 
messages  from  different  processors  (including  itself).  Thus,  after  receiving  c  =  n  —  t 


identical  copies  of  the  vector  V,  it  makes  no  sense  to  wait  for  more  information  (which 
might  never  arrive),  and  the  processor  should  take  some  action.  This  observation  leads  us 
to  defining  the  basic  notion  of  a  stable  vector. 

Definition  3.1:  A  vector  V  is  stable  with  respect  to  a  processor  p  in  a  given  run  of  the 
algorithm  if  p  has  received  n  —  t  messages  containing  identical  copies  of  V  (including  its 
own  copy).  V  is  stable  if  it  is  stable  w.r.t.  some  processor  p. 

The  algorithm  is  based  on  the  following  general  strategy.  A  processor  is  requires  to 
reach  a  stable  vector  V,  and  then  to  suggest  a  name  based  on  V.  Then  the  processor 
exchanges  information  once  more  with  the  other  processors,  until  it  reaches  a  stable  vector 
again.  Now  the  processor  has  to  review  its  suggestion,  by  checking  whether  it  is  currently 
valid.  In  case  the  new  information  validates  the  suggestion,  the  processor  now  decides 
on  its  name.  Otherwise  (e.g.,  if  the  same  name  was  suggested  by  some  other  processor 
simultaneously,  or  some  other  problem  arises),  the  processor  has  to  make  a  new  suggestion 
and  repeat  the  process. 

The  issues  that  arise  in  this  type  of  an  algorithm  are  partial  correctness,  namely 
whether  the  algorithm  guarantees  that  any  names  which  are  actually  chosen  obey  the  re¬ 
quirements  of  the  problem,  and  termination,  namely  whether  all  correct  processors  even¬ 
tually  get  to  choose  a  new  name.  The  schematic  algorithm  presented  here  is  partially 
correct  in  this  sense,  but  its  termination  properties  depend  on  the  specific  details  of  the 
name  structure  and  name  selection  procedures. 

Data  structures 

The  information  maintained  by  processors  during  the  execution  of  the  algorithm  con¬ 
sists  of  vectors  V  containing  an  entry  for  each  known  processor.  Each  entry  contains 
several  components,  including  the  following: 

1.  p,  the  old  name  of  the  processor. 

2.  xp,  a  new  name  suggested  by  p. 

3.  Jp,  a  counter  of  the  name  suggestions. 

4.  bp,  a  “decision”  bit,  which  is  1  if  p  already  decided  on  a  name  and  0  otherwise. 

5.  Lp,  the  list  of  old  names  appearing  in  the  vector  by  which  xp  was  suggested. 

We  should  comment  that  each  of  the  specific  algorithms  derived  for  our  problems  uses 
only  part  of  the  above  information.  In  particular,  the  algorithm  for  the  uniqueness  problem 
does  not  need  the  Lp  component,  and  the  algorithm  for  the  order  preserving  problem  can 
do  without  the  xp,  Jv  and  bp  components.  However  we  include  all  of  them  in  the  schematic 
algorithm  for  unified  presentation. 

Throughout  the  rest  of  the  paper  we  use  the  following  notation  with  respect  to  vectors 
V.  Denote  by  Do(V)  the  subvector  containing  exactly  the  entries  in  which  6  =  0  (i.e.,  the 
entries  of  processors  that  have  not  yet  decided  on  a  name).  Let  P(V)  be  the  set  of 
processors  (old  names)  in  V,  and  let  ,Y(F)  be  the  set  of  new  names  in  V.  Denoting  the 
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space  of  new  names  by  NS,  let  free(V)  =  NS  —  X(V )  be  the  set  of  free  (unsuggested) 
names  in  V.  As  a  rule,  sets  of  (old  or  new)  names  are  always  taken  to  be  ordered.  We 
informally  refer  to  the  number  of  entries  in  V  (=|  P(V )  |)  as  |  V  |,  and  say  p  £  V  or  x  £  V 
as  a  shorthand  for  p  £  P(V)  or  x  £  X(V),  respectively. 

Suppose  a  processor  p  suggests  a  name  xp  on  the  basis  of  a  stable  vector  V.  This 
vector  is  henceforth  referred  to  as  the  choice  vector  of  xp ,  and  the  list  P(V)  of  old  names 
(to  be  inserted  into  future  vectors  as  Lp)  is  called  the  choice  list  of  xp.  Similarly,  |  V  | 
and  the  index  of  p  in  V  are  referred  to  as  the  choice  length  and  the  choice  index  of  xp, 
respectively. 

The  vectors  axe  ordered  by  increasing  order  of  the  old  names  p.  Initially,  the  vector 
held  by  p  contains  only  one  column  corresponding  to  p  itself,  with  all  components  except 
the  first  set  to  the  appropriate  null  values. 

We  need  a  certain  partied  ordering  on  vectors.  This  ordering  reflects  the  accumulation 
of  knowledge  in  the  processors.  Intuitively,  V  >  V'  means  that  V  is  more  updated  than 
V'.  The  ordering  is  defined  as  follows. 

Definition  3.2:  For  two  vectors  V) ,  V2 ,  we  say  that  V)  <  V2  iff  for  every  processor  p, 
p  6  V 1  =$►  (p  £  V2  and  Jp  in  V2  is  no  smaller  than  Jp  in  Vi). 

The  current  validity  requirement 

Suppose  a  processor  p  has  suggested  a  name  xp  for  itself,  exchanged  information 
with  the  other  processors  and  reached  a  stable  vector  V.  This  name  xp  has  to  satisfy  the 
requirement  that  it  is  currently  valid.  This  requirement,  later  referred  to  as  the  requirement 
of  current  validity,  or  requirement  CV,  translates  into  the  following  conditions: 

In  the  uniqueness  case:  The  name  xp  is  different  from  any  other  suggested  name 
xq  eX(V). 

In  the  order  preserving  case:  The  name  xp  preserves  the  ordering  with  respect  to 
any  other  entry  in  the  vector.  I.e.,  for  every  q ,  if  xq  £  X(V),  then  xp  <  xq  iff  p  <  q.  (Note 
that  these  may  be  different  name  spaces  and  order  relations.) 
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The  schematic  algorithm  A 

/*  For  a  processor  p.  Counter  c  counts  the  number  of  identical  copies  of  V  p  gets.  * / 
0.  Construct  an  initial  V  (with  one  entry  -  for  p). 

1.  /*  sending  a  new  vector  */ 

a.  send  V  to  every  other  processor. 

b.  c  «—  1. 

2.  Wait  until  you  receive  a  message  V' 

a.  if  V'  <  V  then  /*  V'  contains  old  information  */ 

return  to  2 

b.  if  V'  ^  V  (i.e. ,  there  is  some  q  (E  V'  s.t.  q  $  V  or  Jq  in  V  is  smaller  than  in  V') 
then 

update  V 
return  to  1 

c.  if  V  =  V'  then  /*  heard  of  another  identical  copy  */ 

c  *—  c  +  1 

if  c  <  n  —  t  then  return  to  2  else  goto  3. 

3.  /*  V  is  a  stable  vector  */ 

If  previously  suggested  a  name  xp,  and  this  name  satisfies  requirement  CV  then 

a.  decide  on  x„ 


c.  send  V  to  every  other  processor 

d.  goto  5. 

4.  /*  needs  to  suggest  a  new  name  *  / 

a.  test  for  condition  Ca  to  decide  whether  to  suggest  a  name.  If  “no”  return  to  2. 

b.  suggest  a  name  xp  using  procedure  Pa  ■ 


c.  insert  xp  to  V 


Jp  +  1 


e.  update  Lp  if  necessary. 

f.  return  to  1. 

5.  /*  echo  stage  -  helping  other  processors  */ 
continue  for  ever: 

a.  read  a  message  V' 

b.  update  V  if  necessary. 

c.  send  V  to  every  other  processor. 


Note  that  condition  Ca  and  procedure  Pa  are  left  unspecified. 


m 
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Partial  correctness 

We  need  some  lemmas  concerning  the  order  relation  on  vectors.  The  first  trivial 
observation  follows  directly  from  the  definition  of  the  algorithm  A. 

Lemma  3.1:  For  every  processor  p  and  for  every  run  of  A,  the  set  of  vectors  held  by  p 
during  the  run  is  totally  ordered.  1 

In  fact,  this  ordering  corresponds  directly  to  the  time  ordering  in  which  these  vectors 
were  held  by  p. 

Lemma  3.2:  In  any  run  of  A,  the  set  of  stable  vectors  is  totally  ordered. 

Proof:  Assume  V  and  V'  are  two  incomparable  stable  vectors  obtained  in  the  same  run. 
V  is  stable  w.r.t.  some  processor,  so  this  processor  received  copies  of  V  from  at  least  n  —  t 
distinct  processors.  The  same  holds  for  V1 .  Since  n  >  2t  +  1,  there  is  some  processor  p 
that  sent  both  V  and  V1 .  Hence  p  held  both  vectors  at  different  stages  of  the  run,  which 
contradicts  Lemma  3.1.  | 

We  now  prove  the  following  partial  correctness  claim  with  respect  to  the  schematic 
algorithm. 

Lemma  3.3:  If  p  and  q  have  decided  on  new  names  xp  and  xq  respectively,  then  these 
names  satisfy  the  requirements  of  the  problem. 

Proof:  Assume  that  xp  and  xq  do  not  satisfy  the  requirement  of  the  problem.  Let  Vp 
(resp.  Vq)  be  the  stable  vector  which  p  (resp.  q )  held  when  deciding  upon  its  new  name. 

If  Vp  <  Vq  then  the  name  xp  must  appear  also  in  Vq,  since  p  never  changes  its  suggested 
name  after  decision.  Therefore  the  choice  of  xq  by  q  is  invalid,  as  it  conflicts  requirement 
CV.  A  similar  contradiction  follows  from  assuming  Vq  <  Vp  or  Vp  =  Vq.  | 

4.  The  Uniqueness  Problem 

In  this  section  we  describe  an  algorithm  for  the  uniqueness  problem  and  prove  its 
correctness. 

The  new  name  space  is  UN  S  =  {l,...,n  +  f},  and  we  use  an  instance  of  the  schematic 
algorithm.  We  have  to  specify  the  details  of  step  4  of  the  algorithm,  particularly  condition 
C a  and  procedure  Pa- 

Suppose  p  obtains  a  stable  vector  V  and  let  r  be  the  index  of  p  in  Do{V). 

Condition  C a'.  If  r  >  t  +  1  then  “no”  /*  do  not  suggest  any  name  */ 

Procedure  Pa :  Let  xp  <—  (free(V))(r). 

Partial  correctness  follows  from  the  proof  of  the  schematic  algorithm.  It  is  also  clear 
that  whenever  a  process  has  to  suggest  a  name,  such  a  name  is  available,  since  always 
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|  free(V)  |>  t  +  1,  hence  no  processor  “gets  stuck”.  It  remains  to  prove  termination.  This 
requires  us  to  show  that  every  correct  processor  eventually  gets  to  decide  on  a  new  name. 
We  prove  this  by  assuming  the  opposite  and  deriving  a  contradiction. 

Assume  the  existence  of  a  run  (scheduler  plus  postman)  in  which  some  of  the  correct 
processors  p  continue  running  forever  with  bp  —  0.  Let  us  introduce  the  following  notation. 
Denote  by  Dj  the  set  of  all  processors  p  that  decide  on  a  name  along  the  run  (i.e.,  that 
switch  to  bp  =  1  and  stop  increasing  Jp  at  some  point),  and  let  Do  =  P  —  D\.  Our 
hypothesis  is  that  D0  contains  at  least  one  correct  processor.  Denote  by  F,  F  C  D0,  the 
set  of  all  processors  p  that  stop  increasing  Jp  (but  remain  with  bp  =  0)  from  some  point 
on,  and  let  W  =  Do  —  F. 

Lemma  4.1:  W  ^  0. 

Proof:  Assume  to  the  contrary  that  W  =  0,  or  F  =  Do-  Consider  the  point  of  time 
by  which  all  processors  reached  their  final  J.  The  information  exchanged  from  that  point 
on  does  not  change,  so  at  some  later  point  all  correct  processors  obtain  a  stable  vector. 
Consider  the  smallest  correct  processor  in  Do  (there  is  such  a  processor  by  our  general 
hypothesis).  Its  index  in  Do  is  at  most  t  + 1,  so  by  the  rules  of  the  algorithm  it  will  suggest 
a  new  name  and  increase  its  J;  a  contradiction.  | 


Consequently,  let  p0  be  the  smallest  processor  (old  name)  in  W. 


Since  W  ^  0,  the  set  of  stable  vectors  obtained  during  the  run  is  infinite.  From  some 
point  on,  all  these  vectors  V  satisfy  the  following  properties: 


1.  their  length  is  |  V  |=  k  for  some  k  >  n  —  t  (which  does  not  change  afterwards),  and 


2.  all  processors  in  D\  U  F  have  reached  their  final  J  value  (hence  they  do  not  suggest 
any  new  names  afterwards,  and  in  particular,  all  processors  in  D\  already  have  b  =  1). 


Let  Vj i  be  the  first  stable  vector  with  the  above  properties  (where  by  “first”  we  mean 
smallest  according  to  the  ordering  defined  earlier  for  vectors).  Hereafter  we  refer  to  every 
stable  vector  V  >  Vi  as  a  limit  vector.  Note  that  for  all  limit  vectors  V  the  subvector 
Do(V)  is  fixed  and  the  set  of  processors  in  it,  P(Do(V)),  is  exactly  Do- 


Denote  the  index  of  po  in  the  set  Do  by  ro-  By  the  rules  of  the  algorithm  it  is  clear 
that  for  every  p  £  W,  the  index  of  p  in  the  set  Do  is  at  most  t  -f  1.  In  particular, 


Lemma  4.2:  r0  <  t  -f  1.  1 


Let  us  now  classify  the  names  in  U NS  as  follows.  Let  Xp{  (resp.,  Xp)  denote  the  set  of 
(final)  new  names  suggested  by  processors  in  D\  (resp.,  F),  and  let  G  =  U N S  —  (X d,  UAV)- 
Intuitively,  G  is  the  set  from  which  the  processors  of  W  continuously  attempt  to  choose 
names.  For  every  stable  limit  vector  V  let  Xw(V)  denote  the  set  of  new  names  suggested 
by  the  processors  of  W  in  V.  Note  that  for  every  limit  vector  V,  G  =  free(V)  U  Xw(V). 
Assume  that  G  is  ordered,  and  let  G  =  {x\,X2,  ■  ■  For  every  stable  limit  vector  V  and 
for  every  name  x  £  free(V),  denote  by  f(x)  its  index  in  free(V).  Clearly  f(x,)  < 


There  is  a  later  point  in  time  after  which  every  processor  in  W  have  already  suggested 
a  name  based  on  a  limit  vector.  Hence  there  is  a  future  point  in  which  po  holds  a  stable 
vector  V'L  in  which  the  choice  vector  of  every  name  in  X\v(V[)  is  a  limit  vector. 

Lemma  4.3:  In  every  stable  vector  V  >  V[,  either  xro  €  free(V)  or  xro  is  suggested  only 
by  p0. 

Proof;  Assume  to  the  contrary  that  xro  appears  in  V  as  a  name  suggested  by  some 
q  €  W,  q  ^  po-  Then  q  suggested  xTo  according  to  some  stable  limit  vector  V1.  But  then 
/(*  r0)  <  ro  in  free(V'),  so  q  could  not  have  suggested  it,  as  its  index  in  Do  is  strictly 
larger  than  r0.  | 

Therefore,  upon  seeing  V[,  po  either  decides  immediately  on  xro  as  its  name  (in  case 
xro  appears  as  its  suggested  name  in  V[)  or  it  suggests  xro  now  and  decides  on  it  upon 
obtaining  the  next  stable  vector. 

It  follows  that  po  does  decide  on  a  new  name,  contradicting  the  assumption  that 
Po  £  D0 .  This  proves 

Lemma  4.4:  In  every  run  of  the  algorithm,  all  the  correct  processors  eventually  decide  on 
new  names.  | 

Theorem  4.5:  There  is  an  algorithm  for  the  uniqueness  problem  which  uses  the  names 
{1  ,...,n  +  i}.  | 

We  remark  that  one  can  construct  a  simplified  probabilistic  version  of  this  algorithm, 
in  which  the  new  name  space  is  of  size  n,  and  processors  suggest  new  names  at  random 
from  the  set  /ree(V)  with  equal  probability.  For  such  an  algorithm,  partial  correctness  is 
handled  just  as  before,  and  (expected)  termination  can  be  proved  by  standard  probabilistic 
arguments. 

5.  The  Order  Preserving  Problem 
5.1.  The  Algorithm 

We  first  give  a  simplified  version  of  the  algorithm,  which  makes  the  proof  easier  but 
yields  a  larger  name  space  than  is  implied  by  the  lower  bound.  Later  we  indicate  how  to 
shrink  the  name  space  further,  so  as  to  match  the  lower  bound.  The  name  space,  OPNS, 
contains  names  which  are  of  the  following  form.  Each  name  x  consists  of  a  sequence  of 
t  +  1  numbers,  <  xn-t,xn-t+i, . . .  ,xn  >,  where  0  <  x*  <  n  and  0  <  x}  —  x,  <  j  —  i  for  all 
j  >  i  such  that  both  x}  and  x,  are  nonzero.  We  sometimes  call  such  names  legal  sequences. 

The  rightmost  nonzero  entry  in  a  name  x,  x^',  plays  an  especially  important  role  in 
the  description  of  the  algorithm.  In  every  suggested  name  x,  this  K  corresponds  to  the 
choice  length  of  x,  and  x/\-  itself  is  the  choice  index  of  x. 

We  define  a  partial  order  on  the  name  space  OPNS  as  follows. 


Definition  5.1:  Let  xj  =<  x*  . . .  ,xj,  >  and  x2  =<  x2n_t,  >  be  two  names  in 

OPNS,  with  choice  lengths  A'i  and  A'2,  respectively.  Without  loss  of  generality  assume 
K\  >  K2.  We  say  that  xx  >  x2  iff  >  0. 

The  order  relation  is  not  defined  for  every  pair  of  names  in  OPNS,  but  the  algorithm 
guarantees  that  names  that  are  actually  chosen  in  any  specific  run  are  always  ordered. 


Again  we  use  an  instance  of  the  schematic  algorithm.  We  have  to  specify  the  process 
of  suggesting  a  name.  Initially  for  every  p,  xp  is  the  all-zero  tuple.  Suppose  p  obtains  a 
stable  vector  V  of  length  K  in  which  it  is  in  the  r’th  entry.  The  condition  Ca  is  always 
“yes”,  that  is,  a  processors  never  “passes”  the  opportunity  to  suggest  a  name.  The  name 
suggestion  procedure  Pa  is  defined  as  follows.  New  suggestions  always  update  previous 
ones,  in  the  sense  that  some  zero  entries  are  changed  into  nonzero  ones  (but  nonzero  entries 
do  not  change  again).  Specifically, 


(1)  if  xpK  =  0  then  xpK  <—  r. 


(2)  for  every  x'  €  X{V)  whose  choice  length  and  choice  list  are  K'  and  V  respectively,  if 
„p  —  n  tu**,  ~p  a?  where  a  is  the  unique  integer  satisfying  L'(a  —  1)  <  p  <  L'(a). 


XK'  ~  0  then  xpK, 


Again,  partial  correctness  follows  from  the  proof  of  the  schematic  algorithm.  It  is 
also  clear  that  whenever  a  process  has  to  suggest  a  name,  the  procedure  Pa  does  not  “get 
stuck”.  It  remains  to  prove  termination. 


Lemma  5.1:  If  V  and  V'  are  stable  vectors  of  the  same  length  then  P{V)  —  P{V'). 
Proof:  Immediate  from  Lemma  3.2  and  Definition  3.2.  | 


Lemma  5.2:  Suppose  a  processor  p  obtains  a  stable  vector  V  in  which  its  suggested  name 


Xp  violates  requirement  CV  w.r.t.  a  suggested  name  xq,  whose  choice  length  is  K.  Then 


,P  - 


‘  K 


=  0. 


Proof:  Assume  that  xph-  =  a  ^  0.  Then  a  describes  the  index  of  p  in  P(V)  for  some 


stable  vector  V  of  length  K.  Let  V'  be  the  choice  vector  of  xq.  Since  I\  is  the  choice  length 
of  xq,  |  V'  |=|  V  |,  so  by  Lemma  5.1  P(V’)  =  P{V).  Let  0  be  the  index  of  q  in  P(V') 


(0  =  x^-).  By  the  choice  of  a,  p  >  q  iff  a  >  0,  or,  iff  xpK  >  x9k,  which,  by  the  definition 


of  the  ordering  on  OPNS,  holds  iff  xp 
requirement  CV,  contradicting  the  assumption  of  the  lemma. 


>  xg,  which  means  that  xp 


and  xa  do  not  violate 


I 


Lemma  5.3:  In  every  run  of  the  algorithm,  every  correct  processor  decides  on  a  new  name 
after  at  most  t  -f  1  suggestions. 


Proof:  In  every  suggestion  made  by  p,,  at  least  one  entry  in  x,  changes  from  zero  to  a 
nonzero  value,  and  there  are  only  t  +  1  entries.  Therefore  a  processor  cannot  make  more 
than  t  +  1  suggestions.  Since  processors  that  decide  do  not  change  their  entries  any  more, 
and  processors  with  6  =  0  do  not  make  any  changes  (new  suggestions)  before  obtaining  a 
new  stable  vector,  it  is  clear  that  as  long  as  there  are  processors  with  6  =  0,  some  of  them 
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will  eventually  obtain  a  stable  vector  and  either  decide  or  make  a  new  suggestion,  until  all 
processors  decide.  | 

5.2.  Reducing  the  name  space 

In  this  section  we  slightly  modify  the  algorithm,  and  then  show  that  the  number  of 
different  possible  sequences  that  processors  can  choose  is  2t(n  —  t  +  1)  —  1. 

Definition  5.2:  A  complete  legal  sequence ,  or  CLS,  is  a  legal  sequence 

<  xn-t, ...,  i/c,  0, ...,  0  >  such  that  for  all  n  —  t  <  *  <  K,  x,-  ^  0. 

Lemma  5.4:  Every  legal  sequence  <  xn_*,...,x/<-, 0, ...,0  >  can  be  extended  into  a  CLS 

<  x'n_1,...,x'if,0,...0  >  such  that  if  Xj  ^  0  then  x'  =  xy.  | 

We  now  modify  step  3a  of  the  algorithm  to  be:  Choose  a  CLS  yp  which  is  an  arbitrary 
extension  of  xp  and  decide  on  yp. 

Lemma  5.5:  The  modified  algorithm  is  still  correct. 

Proof:  We  have  to  show  that  for  every  two  processors  p  and  q,  the  names  yp  and  yq 

preserve  the  same  ordering  as  the  original  xp  and  xq.  Let  Kp  (resp.,  Kq)  be  the  choice 

length  of  xp  (resp.,  xq).  These  lengths  remain  the  same  in  yp  and  yq,  as  no  entries  to 
their  right  are  changed.  Assume  w.l.o.g.  that  Kp  >  Kq.  It  follows  that  xpK  and  x9K  are 
nonzero,  so  they  are  not  changed  in  yp  and  yq.  Thus,  the  same  ordering  is  preserved.  1 

Let  us  now  analyze  the  size  of  the  resulting  name  space.  Every  CLS 

x  =<  xn_t,  ...,xk,0,  ...,0  >  cam  be  encoded  by  a  sequence  <  r,ei,...,e*  >,  where 

ti  €  {0,1}  and  k  =  K  —  (n  —  t).  This  encoding  is  obtained  by  taking  r  =  xn_t  and 
€i  =  xn_t+,  —  xn_(+,_i .  The  total  number  of  possible  names  now  becomes 

N  <  (n  -  t  +  =  (n  -  t  +  1)(2,+1  -  1). 

k=0 

This  value  is  already  less  than  twice  the  value  of  the  lower  bound  given  in  Thm.  2.3.  We 
now  proceed  to  reduce  this  value  further  and  match  it  with  the  lower  bound.  This  is  done 
by  showing  that  one  can  actually  do  with  only  about  half  the  above  sequences,  e.g.,  those 
whose  last  bit  is  0. 

Define  C  --  the  class  of  all  CLS’s  x  =<  a„_t,  ...,a^,0, ...,  0  >  such  that  K  >  n  —  t  and 
OIK- 1  <  01 K ■■ 

For  every  x  =<  an-t,  ...,Qr/f,0,  ...,0  >6  C,  let 

/(x)  =<  a„-t,  ...,am_i,am  +  l,am+i  +  l,...,a^_i  +  1, Oft',0, ...,0  >, 

where  m  is  the  maximal  index  s.t.  am-i  =  am,  if  exists,  and  m  =  n  —  t  otherwise.  Note 
that  /(x)  is  a  CLS  and  /(x)  £  C. 


Lemma  5.6:  Let  x  G  C  and  let  y  =  /(x)  as  above.  If  some  processor  p  decides  on  x  then 
no  other  processor  decides  on  y. 

Proof:  The  claim  follows  from  the  fact  that  the  names  x  and  y  have  the  same  choice 
length  and  the  same  choice  index,  so  they  cannot  be  chosen  together  in  the  same  run.  1 

Lemma  5.7:  Let  x  €  C  and  let  y  =  /(x)  as  above.  If  some  processor  p  decides  on  x  then: 

а.  For  every  CLS  z,  if  some  processor  q  decides  on  z  then  z  is  comparable  with  y  and 

z  >  y  iff  z  >  x. 

б. '  For  every  CLS  z  €  C ,  if  some  processor  q  decides  on  z  and  w  =  f{z),  then  w  is 
comparable  with  y  and  w  >  y  iff  w  >  x. 

Proof:  For  the  first  claim,  assume  that  some  processor  q  decides  on  z,  and  let  Kz  be  the 
choice  index  of  the  name  z.  We  distinguish  between  the  following  two  cases. 

z  <  x:  If  Kz  <  K  then  zk,  <  xk,  <  VK,-  Otherwise,  zk  <  xk  =  Vk-  In  both  cases  it 
follows  that  z  <  y. 

z  >  x:  This  case  is  divided  further  into  three  subcases. 

(1)  Kz>  K:  Then  zk  >  xk  =  yx  which  implies  z  >  y. 

(2)  Kz  <  m:  Then  zk,  >  xk,  =  yK,  (because  x  and  y  axe  identical!  up  to  the  m  —  l’th 

entry),  so  z  >  y. 

(3)  K  >  Kz  >  m:  If  zk,  >  yK,  then  immediately  z  >  y.  Otherwise,  we  get  a  contradiction 
to  the  maximality  of  m  as  follows.  In  this  case,  zk,  =  xk,  =  yK,  —  1.  The  choice  list 
of  q  could  not  have  contained  p,  because  if  it  did  then  the  Jfv^’th  entry  in  the  name 
suggested  by  p  would  have  to  be  different  than  oik,  ■  Therefore,  the  first  stable  vector 
obtained  by  p  was  of  length  m' ,  m'  >  Kz  >  m,  which  implies  that  xm»  =  xm«_i  for 
some  m  <  m"  <  m' ,  contradicting  the  definition  of  m. 

The  second  claim  follows  from  a  slightly  more  involved  case  analysis,  based  on  similar 
considerations.  | 

We  now  modify  the  algorithm  once  more,  changing  step  3a  of  the  algorithm  to  be: 
Choose  a  CLS  yp  which  is  an  arbitrary  extension  of  xp.  If  yp  $  C  then  decide  on  it. 
Otherwise,  decide  on  f(yp ). 

Lemma  5.8:  The  modified  algorithm  is  still  correct. 

Proof:  We  have  to  show  that  for  every  two  processors  p  and  q ,  the  final  names  chosen  by 
p  and  q  preserve  the  ordering  of  yp  and  yg,  which  by  Lemma  5.5  is  identical  to  the  ordering 
of  the  original  xp  and  xq.  This  follows  directly  from  the  last  two  lemmas.  | 

Finally  we  re-analyze  the  size  of  the  resulting  name  space.  Using  the  encoding  de¬ 
scribed  earlier,  There  are  two  cases: 


1.  If  k  =  0  then  there  axe  n  —  t  possible  CLS’s. 

2.  If  k  >  1  then  et  =  0  according  to  lemma  5.6,  and  there  are  (n  —  t  +  l)2fc-1  possible 
CLS’s  (since  if  p  does  not  appear  in  the  list  with  length  n  —  t  and  his  name  is  greater 
than  all  the  name  in  that  list  then  r  =  n  —  t  +  1). 

The  size  of  the  new  name  space  is  thus 

t 

N  =  (n-t)  +  (n-t+  1)^2  2’-1  =  2‘(n  -  t  +  1)  -  1. 

i=  l 

Theorem  5.9:  There  is  an  algorithm  for  the  order  preserving  problem  which  uses  the 
names  {1, ...  ,2*(n  —  t  +  1)  —  1}.  | 
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